walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Array index: detect array index out of bounds when datatype is unknown. Ticket: #2086

This commit is contained in:
Daniel Marjamäki 2010-10-11 20:52:14 +02:00
parent 3dfcbfc0e0
commit 74bf1821e6
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/checkbufferoverrun.cpp
View File

@ -1172,7 +1172,7 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
} }
else if (indentlevel > 0 && Token::Match(tok, "[;{}] %var% = %str% ;")) else if (indentlevel > 0 && Token::Match(tok, "[;{}] %var% = %str% ;"))
{ {
size = 1 + tok->tokAt(3)->strValue().size(); size = 1 + int(tok->tokAt(3)->strValue().size());
type = "char"; type = "char";
varid = tok->next()->varId(); varid = tok->next()->varId();
nextTok = 4; nextTok = 4;
@ -1794,6 +1794,9 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
if (!tok->isName()) if (!tok->isName())
return false; return false;
while (tok && (tok->str() == "static" || tok->str() == "const"))
tok = tok->next();
int ivar = 0; int ivar = 0;
if (Token::Match(tok, "%type% *| %var% [")) if (Token::Match(tok, "%type% *| %var% ["))
ivar = 1; ivar = 1;
@ -1802,6 +1805,9 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
else else
return false; return false;
if (tok->str().find(":") != std::string::npos)
return false;
// Goto variable name token, get element size.. // Goto variable name token, get element size..
const Token *vartok = tok->tokAt(ivar); const Token *vartok = tok->tokAt(ivar);
if (vartok->str() == "*") if (vartok->str() == "*")
@ -1813,8 +1819,6 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
{ {
_element_size = tokenizer.sizeOfType(tok); _element_size = tokenizer.sizeOfType(tok);
} }
if (_element_size == 0)
return false;
_varname = vartok->str(); _varname = vartok->str();
_varid = vartok->varId(); _varid = vartok->varId();

11
test/testbufferoverrun.cpp
View File

@ -103,6 +103,7 @@ private:
TEST_CASE(array_index_27); TEST_CASE(array_index_27);
TEST_CASE(array_index_28); // ticket #1418 TEST_CASE(array_index_28); // ticket #1418
TEST_CASE(array_index_29); // ticket #1734 TEST_CASE(array_index_29); // ticket #1734
TEST_CASE(array_index_30); // ticket #2086 - out of bounds when type is unknown
TEST_CASE(array_index_multidim); TEST_CASE(array_index_multidim);
TEST_CASE(array_index_switch_in_for); TEST_CASE(array_index_switch_in_for);
TEST_CASE(array_index_calculation); TEST_CASE(array_index_calculation);
@ -976,6 +977,16 @@ private:
TODO_ASSERT_EQUALS("[test.cpp:6]: (error) Array ii[10] out of bounds\n", errout.str()); TODO_ASSERT_EQUALS("[test.cpp:6]: (error) Array ii[10] out of bounds\n", errout.str());
} }
void array_index_30()
{
// ticket #2086 - unknown type
check("void f() {\n"
" UINT8 x[2];\n"
" x[5] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (error) Array 'x[2]' index 5 out of bounds\n", errout.str());
}
void array_index_multidim() void array_index_multidim()
{ {
check("void f()\n" check("void f()\n"